Private Apps
You can automatically protects private apps behind a login prompt. In order to achieve this, you'll need to:
-
Add an
email
field to your global config// ~/.config/smallweb/config.json { "email": "[email protected]" }
-
Set the private field to true in your app's config.
// ~/smallweb/private-app/smallweb.json { "private": true }
The next time you'll try to access the app, you'll be prompted with a login screen (provided by lastlogin.net).
Additionaly, you can generate tokens for non-interactive clients using the smallweb token
create command.
smallweb token create --description "CI/CD pipeline"
Then, you can pass this token in the Authorization
header of your requests.
curl https://private-app.smallweb.run -H "Authorization: Bearer <token>"
or alternatively, use the basic auth username.
curl https://private-app.smallweb.run -u "<token>"
# or
curl https://<token>@private-app.smallweb.run
If your app is public, but you still want to protect some routes, you can use the privateRoutes
field in your app's config.
// ~/smallweb/private-app/smallweb.json
{
"privateRoutes": ["/private/*"]
}
There is also a publicRoutes
field that you can use to protect all routes except the ones listed.
{
"private": true,
"publicRoutes": ["/public/*"]
}